Array Networks' SPX2000 VPN appliance is a full-featured VPN designed for small- and medium-sized businesses.
It's a cost-effective SSL VPN system, which provides users with flexible and simplified secure access to email, file shares and chosen applications. The SPX2000 is a plug-and-play solution that enables quick and efficient configuration of VPN parameters and provides a high-performance "in-office" experience for an increasingly mobile workforce.
The SPX2000 stacks up well against the competition: it is competitively priced and supports up to 500 concurrent connections, which is more than most SSL VPN appliances designed for the small- and medium-sized business market.
Setting up the device does not take much effort, but could be simpler, especially for people who don't have a background in Cisco-like interfaces. However, we completed the first part of the device setup without looking at documentation.
The first step requires connecting to the device via serial cable and using a terminal program (such as Windows HyperTerminal).
Having Cisco terminal experience will make this part easier. Once the interfaces are configured, you're able to log in to the Web application to continue the configuration.
We would have found it very helpful to have an LCD screen and controls on the front of the appliance for configuring the addresses, so that the rest of the setup could then be completed through the Web interface.
The Web GUI is set up well, and we found it quite easy to figure out, thanks in large part to built-in PDF help documents, which are available through the interface. The only issue we encountered with the GUI was that it would sometimes become unresponsive, requiring us to log in again. We weren't able to track down the issue, but it was an annoyance.
Many companies will like having Array Networks' embedded NAC-like function, which verifies the integrity of the endpoint, including antivirus software, personal firewall, service pack, and patch/hotfix policies. Needless to say, this adds some of the complexity that comes with the territory, but is an attractive feature for companies looking to implement NAC capability.
Setting up a "virtual site" for client connections is easy, but there are many options available. We were pleased to see many authentication methods are supported, including RSA SecurID, RADIUS, LDAP, Active Directory and a built-in local database. We used AD, which was easy to set up.
There's enormous flexibility through the use of virtual sites, which can be configured to access different resources within your organization, such as different business units, offices and departments. For example, you may have one virtual site that connects to human resources, and another separate site that connects to various IT groups.
The policy options are extensive. Virtual sites can use different authentication methods based on policy that requires weaker or stronger controls, so one virtual site could require AD, another RADIUS. You can have multiple methods for each site as well. Granular user access can be defined through the "AAA authorization" function.
There are also several ways to access resources via the virtual sites. Simple Web access, file access (CIFS and NFS), mail services, thin client (using Citrix or other thin client technology) and a Layer 3 SSL VPN are available. There is a client for Windows as well as Linux for the Layer 3 VPN client. All of the access types were simple to set up, and they all work well.
The reasonable cost and relative ease of use provide a mix that will work well with most any small- or medium-sized organization.
Testing methodology: We tested the SPX2000 with Windows XP and Windows Vista clients.